Exporting DSS Keys
When signed data is sent to a recipient who must verify the signature, the signer's public key must also be made available to that recipient, and it is usually sent along with the signed data. It is therefore necessary to be able to export DSS keys; they are exported in a key blob format.
To export the DSS public key
- Call CryptAcquireContext to obtain a handle to the Microsoft DSS Cryptographic Provider (provider type PROV_DSS, or PROV_DSS_DH for the DSS and Diffie-Hellman provider). The key container must already hold the signature key, so do not pass CRYPT_VERIFYCONTEXT in dwFlags; a verify-context handle gives no access to persisted private keys.
- Call CryptGetUserKey with hProv set to that handle and dwKeySpec set to either AT_SIGNATURE or CALG_DSS_SIGN; the DSS provider accepts either value for its signature key. The key handle is returned in phUserKey.
- Call CryptExportKey with hKey set to the handle retrieved in the previous step, hExpKey set to zero (a public-key blob is never encrypted), dwBlobType set to PUBLICKEYBLOB, and dwFlags set to zero. The DSS public-key blob is returned in pbData and its length in pdwDataLen. Passing NULL in pbData returns only the required length in pdwDataLen, so the usual pattern is two calls: one to size the buffer and one to fill it. The blob returned by CryptExportKey is in the format described in The DSS Provider Public-Key Blob.
To export the DSS private key
- Follow the same procedure as for exporting a DSS public key, except that in the call to CryptExportKey, dwBlobType should be set to PRIVATEKEYBLOB. The blob returned by CryptExportKey is in the format described in The DSS Provider Private-Key Blob. Two caveats apply: the call succeeds only if the key was generated with CRYPT_EXPORTABLE (otherwise it fails with NTE_BAD_KEY_STATE), and with hExpKey set to zero the blob contains the private value in the clear, so either pass the handle of a session key in hExpKey to have the blob encrypted, or protect the buffer yourself and wipe it as soon as it has been used.